EP1554862B1 - Sitzungsschlüsselverwaltung für ein öffentliches drahtloses lan mit unterstützung mehrerer virtueller bediener - Google Patents
Sitzungsschlüsselverwaltung für ein öffentliches drahtloses lan mit unterstützung mehrerer virtueller bediener Download PDFInfo
- Publication number
- EP1554862B1 EP1554862B1 EP03788413.7A EP03788413A EP1554862B1 EP 1554862 B1 EP1554862 B1 EP 1554862B1 EP 03788413 A EP03788413 A EP 03788413A EP 1554862 B1 EP1554862 B1 EP 1554862B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- session key
- virtual operator
- mobile terminal
- secure channel
- user authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 claims description 18
- 238000004891 communication Methods 0.000 claims description 13
- 230000001413 cellular effect Effects 0.000 claims description 8
- 238000007726 management method Methods 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 239000000470 constituent Substances 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 201000002266 mite infestation Diseases 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/16—Automatic or semi-automatic exchanges with lock-out or secrecy provision in party-line systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/08—Access point devices
Definitions
- the present invention generally relates to network communications and, more particularly, to a mechanism for managing access to session keys in a public wireless local area network (WLAN) environment that supports third party virtual operators.
- WLAN wireless local area network
- WLAN wireless local area network
- AAA Authentication, Authorization, Accounting
- AAA Authentication, Authorization, Accounting
- WLANs are increasingly being deployed in hot spots such as hotels, airports and cafés.
- a sound and efficient AAA (Authentication, Authorization, Accounting) solution would be of great importance for enabling secure public wireless LAN access.
- AAA solution should be able to support a virtual operator concept in which third party providers such as ISPs, cellular operators and pre-paid card providers offer AAA services to the public WLANs and the wireless users.
- third party providers such as ISPs, cellular operators and pre-paid card providers offer AAA services to the public WLANs and the wireless users.
- ISPs Internet Protocol Security
- cellular operators cellular operators
- pre-paid card providers offer AAA services to the public WLANs and the wireless users.
- wireless users do not have to open an account or pay by credit each time they go to a different hot spot; instead, they can use existing ISP accounts, cellular accounts or a pre-paid card purchased anywhere to gain access to the public WLAN. This could significantly increase the business opportunities for the WLAN operators as well as third party virtual operators.
- the current wireless LAN access solutions are all designed for local set-ups such as a corporate environment in which only a single authentication server is used.
- the IEEE 802.11 standard body chooses IEEE 802.1x as the solution for WLAN access control, and the current usage models use authentication servers to control session key assignments. While this is sufficient for a corporate environment or the like, it is certainly problematic in a public hot spot where multiple authentication servers belonging to different business entities may coexist. It is very difficult, if at all possible, for these authentication servers to coordinate key assignments for an access point.
- a mobile user in a public WLAN hot spot does not have a prior trust relationship with the WLAN access point.
- the user intends to use a third party service provider (e.g. an Internet service provider (ISP)) as a trust bridging entity.
- a service provider may be referred to as a virtual operator.
- the user maintains an account with this virtual operator, which has a business relationship with the WLAN operator. Because the user has an established trust relationship with the virtual operator, she is able to authenticate herself with the virtual operator in a secure manner.
- the virtual operator then securely transmits a session key to the user as well as the WLAN access point (because the virtual operator also has a trust relationship with the WLAN). Because of this shared session key, the wireless LAN then knows that the user is authorized to access the network and thus grants access to the user.
- the virtual operator assigns the session key since it has a trust relationship with both the user and the WLAN.
- the session key is used for local access and should be local to the WLAN access point, e.g., assigned and maintained by the access point.
- the above mentioned key management scheme is problematic in at least two areas. First, for the virtual operator, it is often problematic to assign and manage session keys for tens of thousands of access points belonging to different entities, that is, to accommodate different encryption algorithms and key lengths for different types of access points. Secondly, for the access point, it may be difficult to make sure that multiple virtual operators assign session keys in a consistent manner, e.g. it has to make sure two users are not using the same key assigned by two different virtual operators at the same time.
- a key difficulty is that the access point does not share a secret with the wireless user, thus it is not secure to directly send a session key from the access point to the user.
- the virtual operator notifies the access point (AP) about the user's public key upon successful user authentication.
- the AP then encrypts the session key using the user's public key and then sends the result to the user. Since only that specific user is able to decrypt the session key using her corresponding private key, the session key can be securely established between the AP and the wireless user.
- this scheme requires the use of public/private keys, which may not be compatible with the actual authentication methods between the wireless user and the authentication server.
- Session keys are assigned and managed locally by the WLAN (since these keys are used for local access control), yet they can be securely distributed to the wireless users who only maintain a trust relationship with their corresponding virtual operators.
- a method for session key management for wireless local area networks includes establishing a first secure channel between an access point and a virtual operator, and suggesting a session key to the virtual operator from the access point.
- a second secure channel is established between the virtual operator and a user, and the session key is sent by the virtual operator to enable communications between the access point and the user.
- a system for session key management for wireless local area networks includes an access point, which establishes a first secure channel between the access point and a virtual operator.
- a session key is suggested to the virtual operator from the access point.
- the virtual operator establishes a second secure channel between and a user upon authentication of the user, the virtual operator setting the session key to enable communications between the access point and the user.
- the present invention generally relates to network communications and, more particularly, to a mechanism for managing access session keys in a public wireless local area network (WLAN) environment that supports third party virtual operators.
- virtual operators may include Internet Service Providers (ISPs), cellular operators, or pre-paid card providers.
- ISPs Internet Service Providers
- cellular operators cellular operators
- pre-paid card providers pre-paid card providers.
- WLAN public wireless local area network
- the present invention is described in terms of a WLAN systems, such as those that comply with IEEE 802.11, Hiperlan 2, and/or Ultrawide band standards; however, the present invention is much broader and may be applicable to other system management schemes for other communications systems. In addition, the present invention may be applicable to any network system including telephone, cable, computer (Internet), satellite, etc.
- a wireless local area network (WLAN) 14 includes an access point 30 for a WLAN hot spot 31.
- WLAN 14 may employ, for example, IEEE 802.11 and HIPERLAN2 standards.
- WLAN 14 may include a firewall 22 between external networks, such as, for example, the Internet 7.
- End users or mobile units 40 may access virtual operators 62 from WLAN 14 through the Internet 7 using, for example, HTTPS tunnels or other secured channels 64, as will be described herein.
- a session key 60 is sent from a virtual operator 62 to a user 40.
- Virtual operators 62 may include Internet Service Providers (ISPs), cellular operators, or pre-paid card providers or other entities, which provide services over a communications network.
- ISPs Internet Service Providers
- cellular operators cellular operators
- pre-paid card providers or other entities, which provide services over a communications network.
- WLAN public wireless local area network
- maintaining a plurality of virtual operators is difficult while maintaining adequate system security.
- the key 60 can be transmitted through a secure channel 64 between them.
- the keys are chosen by WLAN access points 30 and then hinted to the virtual operator. Keys may be chosen by a plurality of methods, including, for example, random number generation, selecting from a pre-stored number of keys, etc.
- a user (mobile terminal (MT)) requests wireless LAN access at an access point (AP) 30 and specifies a virtual operator (VO) 62.
- the AP 30 establishes a secure channel SC 1 with the virtual operator 62. All subsequent communication between the AP 30 and the virtual operator 62 will be through SC 1 .
- the user establishes a secure channel SC 2 with the virtual operator 62 and authenticates herself with the virtual operator through SC 2 . This may include putting the session key on hold until successful user authentication.
- the virtual operator upon successful user authentication, notifies the AP 30 about the result and asks the AP 30 for a session key 60 through SC 1 . If the session key is on hold, it may be removed from on hold if the authentication is unsuccessful.
- the AP 30 chooses a session key 60 and sends it to the virtual operator 62 through SC 1 .
- the virtual operator sends this session key to the user through SC 2 .
- the user and the AP 30 start using the session key for the subsequent communication between them (secure channel SC 3 ).
- the method as shown in FIG. 2 may be further improved for speed and efficiency as illustrated.
- the AP 30 Instead of having the virtual operator ask for the session key after successful authentication, the AP 30 provides a suggested session key right after SC 1 is established and puts this key "on hold" in memory 24 at access point 30.
- the AP 30 Upon successful user authentication, the AP 30 is notified by the virtual operator and starts using this key for SC 3 .
- the AP 30 In case of an unsuccessful authentication (e.g., after a certain number of unsuccessful tries by the user), the AP 30 is also notified and removes the key from the "on hold" list 24. This prevents a denial-of-service attack in which an attacker continuously makes unsuccessful authentication attempts. If the AP is not notified about unsuccessful authentication, the suggested keys would pile up in the AP's memory storage.
- the authentication steps may include the following.
- a user requests wireless LAN access at an AP 30 and specifies virtual operator 62.
- AP 30 establishes a secure channel SC 1 with the virtual operator 62. All subsequent communication between the AP and the virtual operator will be through SC 1 .
- the AP 30 sends a suggested session key to the virtual operator 62 and puts this key "on hold”.
- the user establishes a secure channel SC 2 with the virtual operator 62 and authenticates herself with the virtual operator 62 through SC 2 in block 209.
- the virtual operator 62 notifies the AP 30 about the authentication result, and the AP 30 removes the suggested key from the "on hold" list.
- the virtual operator 62 sends the session key to the user.
- the user and the AP 30 start using the session key for the subsequent communication between them (secure channel SC 3 ).
- step 206 the AP needs to send to the virtual operator the suggested key, it can be done in parallel with step 208. Thus overall, a round trip delay is avoided. In other embodiments step 206, may be performed sequentially with step 208.
- the present invention may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof, for example, within a mobile terminal, access point, and/or a cellular network.
- the present invention is implemented as a combination of hardware and software.
- the software is preferably implemented as an application program tangibly embodied on a program storage device.
- the application program may be uploaded to, and executed by, a machine comprising any suitable architecture.
- the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), a random access memory (RAM), and input/output (I/O) interface(s).
- the computer platform also includes an operating system and microinstruction code.
- various processes and functions described herein may either be part of the microinstruction code or part of the application program (or a combination thereof), which is executed via the operating system.
- various other peripheral devices may be connected to the computer platform such as an additional data storage device and a printing device.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
- Telephonic Communication Services (AREA)
Claims (14)
- Verfahren zum Managen eines Sitzungsschlüssels, der dafür verwendet wird, Kommunikationen zwischen einem mobilen Endgerät (40) und einem Zugriffspunkt (30) in einem drahtlosen lokalen Netz "WLAN" (31) zu ermöglichen, wobei das Verfahren die folgenden Schritte umfasst:Empfangen einer Anforderung für den Zugriff auf das WLAN von dem mobilen Endgerät (102);Bestimmen eines virtuellen Betreibers, der der Zugriffsanforderung zugeordnet ist (102);Aufbauen eines ersten sicheren Kanals zwischen dem Zugriffspunkt und dem virtuellen Betreiber (104);Anfordern einer Anwenderauthentifizierung von dem virtuellen Betreiber über den ersten sicheren Kanal, wobei der virtuelle Betreiber über einen zweiten sicheren Kanal mit dem mobilen Endgerät kommuniziert, um das mobile Endgerät zu authentifizieren (106);Auswählen eines Sitzungsschlüssels und Senden des Sitzungsschlüssels über den ersten sicheren Kanal (110) an den virtuellen Betreiber, wobei der virtuelle Betreiber den Sitzungsschlüssel über den zweiten sicheren Kanal (112) an das mobile Endgerät sendet; undKommunizieren mit dem mobilen Endgerät unter Verwendung des Sitzungsschlüssels (114).
- Verfahren nach Anspruch 1, wobei der Schritt des Anforderns der Anwenderauthentifizierung parallel zu dem Schritt des Auswählens und Sendens des Sitzungsschlüssels ausgeführt wird.
- Verfahren nach Anspruch 2, wobei der Kommunikationsschritt das Kommunizieren mit dem mobilen Endgerät unter Verwendung des Sitzungsschlüssels bei Empfang einer Benachrichtigung über erfolgreiche Anwenderauthentifizierung von dem virtuellen Betreiber umfasst.
- Verfahren nach Anspruch 2, wobei der Schritt des Auswählens eines Sitzungsschlüssels das Anordnen des Sitzungsschlüssels in einer Wartestellung bis zur Benachrichtigung über die erfolgreiche Anwenderauthentifizierung von dem virtuellen Betreiber und bei Benachrichtigung das Entfernen des Sitzungsschlüssels aus der Wartestellung und das Senden des Sitzungsschlüssels an den virtuellen Betreiber umfasst.
- Verfahren nach Anspruch 4, das ferner den Schritt des Entfernens des Sitzungsschlüssels aus der Wartestellung, falls die Authentifizierung erfolgreich ist, umfasst.
- Verfahren nach Anspruch 1, wobei der Schritt des Auswählens eines Sitzungsschlüssels und des Sendens des Sitzungsschlüssels an den virtuellen Betreiber über den ersten sicheren Kanal erst nach Empfang einer Benachrichtigung über erfolgreiche Anwenderauthentifizierung von dem virtuellen Betreiber ausgeführt wird.
- Verfahren nach Anspruch 1, wobei der virtuelle Betreiber einen Internetdienstanbieter oder einen Mobilfunknetzanbieter oder einen Kreditkartenanbieter enthält.
- Vorrichtung zum Managen eines Sitzungsschlüssels, der dafür verwendet wird, Kommunikationen zwischen einem mobilen Endgerät (40) und einem drahtlosen lokalen Netz "WLAN" (31) zu ermöglichen, wobei die Vorrichtung umfasst:ein Mittel zum Empfangen einer Anforderung für den Zugriff auf das WLAN von dem mobilen Endgerät (102);ein Mittel zum Bestimmen eines virtuellen Betreibers, der der Zugriffsanforderung zugeordnet ist (102);ein erstes Mittel zum Kommunizieren mit dem virtuellen Betreiber über einen ersten sicheren Kanal, wobei das erste Kommunikationsmittel von dem virtuellen Betreiber über den ersten sicheren Kanal eine Anwenderauthentifizierung anfordert, wobei der virtuelle Betreiber über einen zweiten sicheren Kanal mit dem mobilen Endgerät kommuniziert, um das mobile Endgerät zu authentifizieren (106);ein Mittel, das mit dem ersten Kommunikationsmittel gekoppelt ist, zum Auswählen eines Sitzungsschlüssels und zum Senden des Sitzungsschlüssels über den ersten sicheren Kanal (110) an den virtuellen Betreiber, wobei der virtuelle Betreiber den Sitzungsschlüssel über den zweiten sicheren Kanal (110) an das mobile Endgerät sendet; undein zweites Mittel zum Kommunizieren mit dem mobilen Endgerät unter Verwendung des Sitzungsschlüssels (114).
- Vorrichtung nach Anspruch 8, wobei das erste Kommunikationsmittel die Anwenderauthentifizierung parallel dazu anfordert, dass das Auswahlmittel den Sitzungsschlüssel auswählt und sendet.
- Vorrichtung nach Anspruch 9, wobei das zweite Kommunikationsmittel bei Empfang einer Benachrichtigung über erfolgreiche Anwenderauthentifizierung von dem virtuellen Betreiber unter Verwendung des Sitzungsschlüssels mit dem mobilen Endgerät kommuniziert.
- Vorrichtung nach Anspruch 10, wobei das Auswahlmittel den Sitzungsschlüssel bis zur Benachrichtigung über die erfolgreiche Anwenderauthentifizierung von dem virtuellen Betreiber in einer Wartestellung anordnet und bei Benachrichtigung den Sitzungsschlüssel aus der Wartestellung entfernt und den Sitzungsschlüssel an den virtuellen Betreiber sendet.
- Vorrichtung nach Anspruch 11, wobei das Auswahlmittel den Sitzungsschlüssel aus der Wartestellung entfernt, falls die Authentifizierung erfolgreich ist.
- Vorrichtung nach Anspruch 8, wobei das Auswahlmittel erst nach Empfang einer Benachrichtigung über erfolgreiche Anwenderauthentifizierung von dem virtuellen Betreiber einen Sitzungsschlüssel auswählt und den Sitzungsschlüssel über den ersten sicheren Kanal an den virtuellen Betreiber sendet.
- Vorrichtung nach Anspruch 8, wobei der virtuelle Betreiber einen Internetdienstanbieter oder einen Mobilfunknetzanbieter oder einen Kreditkartenanbieter enthält.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US40349502P | 2002-08-14 | 2002-08-14 | |
US403495P | 2002-08-14 | ||
PCT/US2003/025254 WO2004017617A1 (en) | 2002-08-14 | 2003-08-13 | Session key management for public wireless lan supporitng multiple virtual operators |
Publications (3)
Publication Number | Publication Date |
---|---|
EP1554862A1 EP1554862A1 (de) | 2005-07-20 |
EP1554862A4 EP1554862A4 (de) | 2010-12-08 |
EP1554862B1 true EP1554862B1 (de) | 2013-11-13 |
Family
ID=31888242
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP03788413.7A Expired - Fee Related EP1554862B1 (de) | 2002-08-14 | 2003-08-13 | Sitzungsschlüsselverwaltung für ein öffentliches drahtloses lan mit unterstützung mehrerer virtueller bediener |
Country Status (9)
Country | Link |
---|---|
US (2) | US7239864B2 (de) |
EP (1) | EP1554862B1 (de) |
JP (1) | JP4695877B2 (de) |
KR (1) | KR101009686B1 (de) |
CN (2) | CN101621798B (de) |
AU (1) | AU2003258184A1 (de) |
BR (1) | BRPI0313412B1 (de) |
MX (2) | MXPA05001669A (de) |
WO (1) | WO2004017617A1 (de) |
Families Citing this family (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7239864B2 (en) * | 2002-08-14 | 2007-07-03 | Thomson Licensing | Session key management for public wireless LAN supporting multiple virtual operators |
US8077681B2 (en) * | 2002-10-08 | 2011-12-13 | Nokia Corporation | Method and system for establishing a connection via an access network |
KR100479260B1 (ko) * | 2002-10-11 | 2005-03-31 | 한국전자통신연구원 | 무선 데이터의 암호 및 복호 방법과 그 장치 |
DE60307482T2 (de) * | 2003-11-26 | 2007-03-29 | France Telecom | Authentifizierung zwischen einem zellularen Mobilendgerät und einem kurzreichweitigen Zugangspunkt |
GB2411086B (en) * | 2004-02-12 | 2006-12-06 | Vodafone Plc | Secure communications between terminals |
US20070289023A1 (en) * | 2004-03-01 | 2007-12-13 | Bjorn Bunte | Mobile Game Download to a Cellular Phone Via a Down Load Module by an Internet Access |
US7248856B2 (en) * | 2004-03-15 | 2007-07-24 | Symbol Technologies, Inc. | System and method for client-server-based wireless intrusion detection |
US8954590B2 (en) * | 2004-04-27 | 2015-02-10 | Sap Ag | Tunneling apparatus and method for client-server communication |
KR100843072B1 (ko) | 2005-02-03 | 2008-07-03 | 삼성전자주식회사 | 무선 네트워크 시스템 및 이를 이용한 통신 방법 |
US8532304B2 (en) * | 2005-04-04 | 2013-09-10 | Nokia Corporation | Administration of wireless local area networks |
CN100518374C (zh) * | 2006-02-17 | 2009-07-22 | 鸿富锦精密工业(深圳)有限公司 | 接入点及其确定预共享密钥的方法 |
DE102006038037A1 (de) * | 2006-08-14 | 2008-02-21 | Siemens Ag | Verfahren und System zum Bereitstellen eines zugangsspezifischen Schlüssels |
US8611859B2 (en) * | 2006-09-18 | 2013-12-17 | Samsung Electronics Co., Ltd. | System and method for providing secure network access in fixed mobile converged telecommunications networks |
US8694783B2 (en) * | 2007-01-22 | 2014-04-08 | Samsung Electronics Co., Ltd. | Lightweight secure authentication channel |
US8208635B2 (en) * | 2007-11-13 | 2012-06-26 | Rosemount Inc. | Wireless mesh network with secure automatic key loads to wireless devices |
CN101227362B (zh) * | 2008-01-18 | 2012-05-23 | 西安西电捷通无线网络通信股份有限公司 | 一种无线个域网接入方法 |
CN101232419B (zh) * | 2008-01-18 | 2010-12-08 | 西安西电捷通无线网络通信股份有限公司 | 一种基于原语的无线个域网接入方法 |
DE102009024604B4 (de) * | 2009-06-10 | 2011-05-05 | Infineon Technologies Ag | Erzeugung eines Session-Schlüssels zur Authentisierung und sicheren Datenübertragung |
CN101820629A (zh) * | 2010-04-15 | 2010-09-01 | 华为终端有限公司 | 一种无线局域网中身份认证的方法、装置及*** |
JP5378296B2 (ja) * | 2010-05-10 | 2013-12-25 | 株式会社東芝 | 通信装置および通信方法 |
CN102271125B (zh) * | 2010-06-02 | 2014-05-14 | 杭州华三通信技术有限公司 | 跨设备进行802.1x认证的方法及接入设备、接入控制设备 |
EP2418815B1 (de) | 2010-08-12 | 2019-01-02 | Deutsche Telekom AG | Verwaltung von SIP-Kommunikationen in Richtung einer Benutzereinheit in einem Kommunikationsnetzwerk |
EP2418818B1 (de) | 2010-08-12 | 2018-02-14 | Deutsche Telekom AG | Netzwerkeinheit zur verwaltung von kommunikationen in richtung einer benutzereinheit über ein kommunikationsnetzwerk |
EP2418817B1 (de) | 2010-08-12 | 2018-12-12 | Deutsche Telekom AG | Anwendungsserver zur Verwaltung von Kommunikationen in Richtung eines Benutzereinheitssatzes |
EP2418816B1 (de) * | 2010-08-12 | 2018-12-12 | Deutsche Telekom AG | Registrierung eines Benutzerendgerätes in einem Kommunikationsnetz mittels eines anderen Kommunikationsnetzes |
US8850545B2 (en) * | 2011-03-23 | 2014-09-30 | Interdigital Patent Holdings, Inc. | Systems and methods for securing network communications |
CN102769847B (zh) * | 2011-05-05 | 2018-04-17 | 国民技术股份有限公司 | 一种无线局域网中的安全通信方法及设备 |
US10044713B2 (en) | 2011-08-19 | 2018-08-07 | Interdigital Patent Holdings, Inc. | OpenID/local openID security |
US9204345B1 (en) * | 2012-02-22 | 2015-12-01 | Google Inc. | Socially-aware cloud control of network devices |
US9465668B1 (en) | 2012-04-30 | 2016-10-11 | Google Inc. | Adaptive ownership and cloud-based configuration and control of network devices |
US9143400B1 (en) | 2012-05-01 | 2015-09-22 | Google Inc. | Network gateway configuration |
CN103428649A (zh) * | 2012-05-18 | 2013-12-04 | 国基电子(上海)有限公司 | 网络设备及其密钥通知方法 |
CN103428690B (zh) | 2012-05-23 | 2016-09-07 | 华为技术有限公司 | 无线局域网络的安全建立方法及***、设备 |
US10069811B2 (en) * | 2013-10-17 | 2018-09-04 | Arm Ip Limited | Registry apparatus, agent device, application providing apparatus and corresponding methods |
US9307405B2 (en) | 2013-10-17 | 2016-04-05 | Arm Ip Limited | Method for assigning an agent device from a first device registry to a second device registry |
GB2530028B8 (en) | 2014-09-08 | 2021-08-04 | Advanced Risc Mach Ltd | Registry apparatus, agent device, application providing apparatus and corresponding methods |
CN105828328A (zh) * | 2015-01-09 | 2016-08-03 | 北京囡宝科技有限公司 | 一种网络连接、客户端接入网络的方法及装置 |
CN108093277B (zh) * | 2015-01-30 | 2020-07-10 | 青岛海信传媒网络技术有限公司 | 一种接入广播电视***的方法 |
CN104821951B (zh) * | 2015-05-26 | 2019-04-19 | 新华三技术有限公司 | 一种安全通信的方法和装置 |
US10313156B2 (en) * | 2015-07-17 | 2019-06-04 | Nec Corporation | Communication system, communication apparatus, communication method, terminal, non-transitory medium |
DE102017219808A1 (de) * | 2017-11-08 | 2019-05-09 | Robert Bosch Gmbh | Verfahren zur Absicherung einer Verbindung zwischen einem Endgerät und einem Gerät in einem Netzwerk |
US11564269B2 (en) * | 2019-12-12 | 2023-01-24 | Google Llc | Virtualization of cellular connection as wireless local area network connection |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US226423A (en) * | 1880-04-13 | Paper-bag machine | ||
CZ20014168A3 (cs) * | 1999-05-21 | 2002-05-15 | International Business Machines Corporation | Způsob a zařízení pro inicializaci zabezpečné komunikace a pro vytvoření výhradních dvojic bezdrátových přístrojů |
US7590843B1 (en) * | 1999-10-05 | 2009-09-15 | Nortel Networks Limited | Key exchange for a network architecture |
FI19992197A (fi) | 1999-10-12 | 2001-04-30 | Sonera Oyj | Varmenteiden jakelu |
CN1158814C (zh) * | 1999-11-19 | 2004-07-21 | 讯宝科技公司 | 使移动单元适应无线局域网的装置和方法 |
US7028186B1 (en) * | 2000-02-11 | 2006-04-11 | Nokia, Inc. | Key management methods for wireless LANs |
US7260638B2 (en) * | 2000-07-24 | 2007-08-21 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
GB2367213B (en) * | 2000-09-22 | 2004-02-11 | Roke Manor Research | Access authentication system |
US7058358B2 (en) | 2001-01-16 | 2006-06-06 | Agere Systems Inc. | Enhanced wireless network security using GPS |
US7181530B1 (en) * | 2001-07-27 | 2007-02-20 | Cisco Technology, Inc. | Rogue AP detection |
US7389412B2 (en) * | 2001-08-10 | 2008-06-17 | Interactive Technology Limited Of Hk | System and method for secure network roaming |
CN1268093C (zh) * | 2002-03-08 | 2006-08-02 | 华为技术有限公司 | 无线局域网加密密钥的分发方法 |
US6694134B1 (en) * | 2002-03-18 | 2004-02-17 | Interwave Communications International, Ltd. | Terminal device emulator |
CN1215386C (zh) * | 2002-04-26 | 2005-08-17 | St微电子公司 | 根据量子软计算控制过程或处理数据的方法和硬件体系结构 |
US8630414B2 (en) * | 2002-06-20 | 2014-01-14 | Qualcomm Incorporated | Inter-working function for a communication system |
US20030235305A1 (en) * | 2002-06-20 | 2003-12-25 | Hsu Raymond T. | Key generation in a communication system |
US7239864B2 (en) * | 2002-08-14 | 2007-07-03 | Thomson Licensing | Session key management for public wireless LAN supporting multiple virtual operators |
-
2003
- 2003-08-13 US US10/524,188 patent/US7239864B2/en not_active Expired - Lifetime
- 2003-08-13 BR BRPI0313412A patent/BRPI0313412B1/pt not_active IP Right Cessation
- 2003-08-13 WO PCT/US2003/025254 patent/WO2004017617A1/en not_active Application Discontinuation
- 2003-08-13 JP JP2004529335A patent/JP4695877B2/ja not_active Expired - Fee Related
- 2003-08-13 KR KR1020057002312A patent/KR101009686B1/ko active IP Right Grant
- 2003-08-13 MX MXPA05001669A patent/MXPA05001669A/es active IP Right Grant
- 2003-08-13 CN CN2009101586796A patent/CN101621798B/zh not_active Expired - Fee Related
- 2003-08-13 CN CN038230119A patent/CN1685694B/zh not_active Expired - Fee Related
- 2003-08-13 EP EP03788413.7A patent/EP1554862B1/de not_active Expired - Fee Related
- 2003-08-13 AU AU2003258184A patent/AU2003258184A1/en not_active Abandoned
-
2007
- 2007-05-22 US US11/805,070 patent/US8145193B2/en not_active Expired - Fee Related
- 2007-10-15 MX MX2007012852A patent/MX2007012852A/es not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
MX2007012852A (es) | 2009-02-17 |
CN1685694A (zh) | 2005-10-19 |
US20060161771A1 (en) | 2006-07-20 |
US20070226499A1 (en) | 2007-09-27 |
AU2003258184A1 (en) | 2004-03-03 |
CN101621798A (zh) | 2010-01-06 |
JP4695877B2 (ja) | 2011-06-08 |
KR101009686B1 (ko) | 2011-01-19 |
JP2005536154A (ja) | 2005-11-24 |
US7239864B2 (en) | 2007-07-03 |
CN101621798B (zh) | 2012-11-14 |
KR20050071473A (ko) | 2005-07-07 |
BR0313412A (pt) | 2005-06-28 |
EP1554862A4 (de) | 2010-12-08 |
US8145193B2 (en) | 2012-03-27 |
BRPI0313412B1 (pt) | 2017-03-21 |
CN1685694B (zh) | 2010-05-05 |
EP1554862A1 (de) | 2005-07-20 |
WO2004017617A1 (en) | 2004-02-26 |
MXPA05001669A (es) | 2005-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1554862B1 (de) | Sitzungsschlüsselverwaltung für ein öffentliches drahtloses lan mit unterstützung mehrerer virtueller bediener | |
US11165604B2 (en) | Method and system used by terminal to connect to virtual private network, and related device | |
KR101202671B1 (ko) | 사용자가 가입자 단말에서 단말 장치에 원격으로 접속할 수있게 하기 위한 원격 접속 시스템 및 방법 | |
JP3869392B2 (ja) | 公衆無線lanサービスシステムにおけるユーザ認証方法および該方法をコンピュータで実行させるためのプログラムを記録した記録媒体 | |
JP4666169B2 (ja) | 信頼されないアクセス局を介した通信方法 | |
TWI388180B (zh) | 通信系統中之金鑰產生 | |
US8555344B1 (en) | Methods and systems for fallback modes of operation within wireless computer networks | |
US20070113269A1 (en) | Controlling access to a network using redirection | |
US20060059344A1 (en) | Service authentication | |
JP4824086B2 (ja) | 無線分散システムの認証方法 | |
JP5536628B2 (ja) | 無線lan接続方法、無線lanクライアント、および無線lanアクセスポイント | |
JP2006109449A (ja) | 認証された無線局に暗号化キーを無線で提供するアクセスポイント | |
CN113556227A (zh) | 网络连接管理方法、装置、计算机可读介质及电子设备 | |
AU2018274707B2 (en) | Improvements in and relating to network communications | |
KR20070102830A (ko) | 유무선 네트워크의 검역 및 정책기반 접속제어 방법 | |
CN113543131A (zh) | 网络连接管理方法、装置、计算机可读介质及电子设备 | |
KR20040028062A (ko) | 공중 무선랜 서비스를 위한 무선랜 접속장치간 로밍서비스 방법 | |
CN115278660A (zh) | 接入认证方法、装置及*** | |
Owens | Bluejacking: Bluetooth Graffiti |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20050211 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: THOMSON LICENSING Owner name: ZHANG, JUNBIAO |
|
DAX | Request for extension of the european patent (deleted) | ||
RBV | Designated contracting states (corrected) |
Designated state(s): DE FR GB IT |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: THOMSON LICENSING Owner name: ZHANG, JUNBIAO |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20101109 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04M 3/16 20060101AFI20040310BHEP Ipc: H04L 9/08 20060101ALI20101103BHEP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 60345300 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04M0003160000 Ipc: H04W0012040000 |
|
17Q | First examination report despatched |
Effective date: 20121115 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04W 48/18 20090101ALI20121212BHEP Ipc: H04W 12/04 20090101AFI20121212BHEP Ipc: H04L 9/08 20060101ALI20121212BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20130604 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): DE FR GB IT |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R084 Ref document number: 60345300 Country of ref document: DE |
|
RAP2 | Party data changed (patent owner data changed or rights of a patent transferred) |
Owner name: THOMSON LICENSING |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: 746 Effective date: 20131218 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 60345300 Country of ref document: DE Effective date: 20140109 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: ROSSMANITH, MANFRED, DIPL.-PHYS. DR.RER.NAT., DE Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: HOFSTETTER, SCHURACK & PARTNER PATENT- UND REC, DE |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R084 Ref document number: 60345300 Country of ref document: DE Effective date: 20131213 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 60345300 Country of ref document: DE |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20140814 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 60345300 Country of ref document: DE Effective date: 20140814 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20131113 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 14 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: DEHNS, DE Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: DEHNS PATENT AND TRADEMARK ATTORNEYS, DE Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: HOFSTETTER, SCHURACK & PARTNER PATENT- UND REC, DE |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 15 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 16 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: DEHNS, DE Ref country code: DE Ref legal event code: R081 Ref document number: 60345300 Country of ref document: DE Owner name: INTERDIGITAL CE PATENT HOLDINGS SAS, FR Free format text: FORMER OWNER: THOMSON LICENSING, ISSY-LES-MOULINEAUX, FR Ref country code: DE Ref legal event code: R082 Ref document number: 60345300 Country of ref document: DE Representative=s name: DEHNS PATENT AND TRADEMARK ATTORNEYS, DE |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20190926 AND 20191002 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20200827 Year of fee payment: 18 Ref country code: FR Payment date: 20200824 Year of fee payment: 18 Ref country code: GB Payment date: 20200825 Year of fee payment: 18 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 60345300 Country of ref document: DE |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20210813 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210813 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210831 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220301 |